Dan Knauss on October 4, 2023
Last Updated on October 4, 2023
Since last week, 97 total vulnerabilities have emerged in public disclosure. They may affect over two million WordPress sites. There are 50 plugin vulnerabilities with security patches, so run those updates!
Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you use an unpatched plugin or theme, check their vendors’ intentions and progress on a security release. If no patch is forthcoming, or the vulnerable software has been marked “closed” and dropped from the official WordPress theme and plugin repositories, you should consider deactivation and removal in favor of alternative solutions.
WordPress Core Vulnerabilities — Patched
WordPress core is very secure when it’s properly configured and maintained. Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites. Our weekly WordPress Vulnerability Report, powered by Patchstack, covers new vulnerabilities that have emerged in plugins, themes, and/or WordPress core since last week’s report. Our goal is to spread awareness of emerging security threats and help you decide what to do if you find vulnerable software on your website. For a deeper analysis of recent trends in WordPress vulnerabilities and threat vectors, see our 2022 Annual Vulnerability Report.
These reports are published every Wednesday and include all active vulnerabilities tracked by Patchstack as of Monday since the previous report. This leaves a 48-hour window for the newest emerging vulnerabilities to be patched before full public disclosure. iThemes Security Pro users have access to vulnerability alerts emerging within this window.
WordPress Plugin Vulnerabilities — Patched
In this section, you’ll find the most recently disclosed WordPress plugin vulnerabilities fixed with a new release from their authors and maintainers. Please apply the updates if you are affected!
These vulnerabilities have been disclosed and scored for their severity, thanks to our friends at Patchstack. Each plugin listing includes the type of vulnerability with its CVE number and CVSS severity rating with links to more technical details. You’ll also see the number of active sites using the plugin and the plugin version release that patches the vulnerability. We start with the most popular plugins, representing the largest target for attackers.
Table of Contents Plus
Plugin Slug: table-of-contents-plus
Installations: 300,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2309
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2309.
ProfilePress
Plugin Slug: wp-user-avatar
Installations: 200,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 4.13.3
Severity Score: High
The vulnerability has been patched, so you should update to version 4.13.3.
FooGallery
Plugin Slug: foogallery
Installations: 100,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.3.2
Severity Score: High
The vulnerability has been patched, so you should update to version 2.3.2.
FooGallery
Plugin Slug: foogallery
Installations: 100,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 2.3.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.3.2.
iframe
Plugin Slug: iframe
Installations: 100,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 4.7
Severity Score: Medium
The vulnerability has been patched, so you should update to version 4.7.
Advanced Custom Fields: Extended
Plugin Slug: acf-extended
Installations: 80,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 0.8.9.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 0.8.9.4.
Astra Bulk Edit
Plugin Slug: astra-bulk-edit
Installations: 70,000+
Vulnerability: Broken Access Control
Patched in Version: 1.2.8
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.2.8.
Simple Membership
Plugin Slug: simple-membership
Installations: 50,000+
Vulnerability: Privilege Escalation
Patched in Version: 4.3.5
Severity Score: High
The vulnerability has been patched, so you should update to version 4.3.5.
Simple Membership
Plugin Slug: simple-membership
Installations: 50,000+
Vulnerability: Privilege Escalation
Patched in Version: 4.3.5
Severity Score: High
The vulnerability has been patched, so you should update to version 4.3.5.
Ditty
Plugin Slug: ditty-news-ticker
Installations: 40,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.1.25
Severity Score: High
The vulnerability has been patched, so you should update to version 3.1.25.
BEAR
Plugin Slug: woo-bulk-editor
Installations: 30,000+
Vulnerability: Broken Access Control
Patched in Version: 1.1.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.4.
BEAR
Plugin Slug: woo-bulk-editor
Installations: 30,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.1.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.4.
Abandoned Cart Lite for WooCommerce
Plugin Slug: woocommerce-abandoned-cart
Installations: 30,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 5.16.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 5.16.0.
WP Job Openings
Plugin Slug: wp-job-openings
Installations: 30,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 3.4.3
Severity Score: Low
The vulnerability has been patched, so you should update to version 3.4.3.
flowpaper
Plugin Slug: flowpaper-lite-pdf-flipbook
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.0.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.0.4.
Simple Cloudflare Turnstile
Plugin Slug: simple-cloudflare-turnstile
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.23.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.23.2.
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug: wp-event-manager
Installations: 20,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.1.38
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.1.38.
Inactive Logout
Plugin Slug: inactive-logout
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: 3.2.3
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.2.3.
Modal Window
Plugin Slug: modal-window
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 5.3.6
Severity Score: Medium
The vulnerability has been patched, so you should update to version 5.3.6.
Options for Twenty Seventeen
Plugin Slug: options-for-twenty-seventeen
Installations: 10,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.5.1
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.5.1.
bbp style pack
Plugin Slug: bbp-style-pack
Installations: 8,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 5.6.8
Severity Score: Medium
The vulnerability has been patched, so you should update to version 5.6.8.
Brands for WooCommerce
Plugin Slug: brands-for-woocommerce
Installations: 6,000+
Vulnerability: Broken Access Control
Patched in Version: 3.8.2.3
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.8.2.3.
WOLF
Plugin Slug: bulk-editor
Installations: 5,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.7.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.7.2.
Active Directory Integration / LDAP Integration
Plugin Slug: ldap-login-for-intranet-sites
Installations: 5,000+
Vulnerability: Broken Access Control
Patched in Version: 4.2
Severity Score: Low
The vulnerability has been patched, so you should update to version 4.2.
AI ChatBot
Plugin Slug: chatbot
Installations: 4,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 4.7.9
Severity Score: Medium
The vulnerability has been patched, so you should update to version 4.7.9.
ActivityPub for WordPress
Plugin Slug: activitypub
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.0.
ActivityPub for WordPress
Plugin Slug: activitypub
Installations: 3,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 1.0.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.0.
ActivityPub for WordPress
Plugin Slug: activitypub
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.0.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.0.
ActivityPub for WordPress
Plugin Slug: activitypub
Installations: 3,000+
Vulnerability: Sensitive Data Exposure
Patched in Version: 1.0.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.0.0.
Checkfront Online Booking System
Plugin Slug: checkfront-wp-booking
Installations: 3,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 3.7
Severity Score: Medium
The vulnerability has been patched, so you should update to version 3.7.
DoLogin Security
Plugin Slug: dologin
Installations: 3,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.7
Severity Score: High
The vulnerability has been patched, so you should update to version 3.7.
Import XML and RSS Feeds
Plugin Slug: import-xml-feed
Installations: 3,000+
Vulnerability: Remote Code Execution (RCE)
Patched in Version: 2.1.5
Severity Score: Critical
The vulnerability has been patched, so you should update to version 2.1.5.
Import XML and RSS Feeds
Plugin Slug: import-xml-feed
Installations: 3,000+
Vulnerability: Arbitrary File Upload
Patched in Version: 2.1.4
Severity Score: Critical
The vulnerability has been patched, so you should update to version 2.1.4.
Track The Click
Plugin Slug: track-the-click
Installations: 3,000+
Vulnerability: SQL Injection
Patched in Version: 0.3.12
Severity Score: High
The vulnerability has been patched, so you should update to version 0.3.12.
Anchor Episodes Index (Spotify for Podcasters)
Plugin Slug: anchor-episodes-index
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.8
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.1.8.
Comment Blacklist Updater
Plugin Slug: comment-blacklist-updater
Installations: 2,000+
Vulnerability: Broken Access Control
Patched in Version: 1.2.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.2.0.
Instant CSS
Plugin Slug: instant-css
Installations: 2,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: 1.2.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.2.2.
Pretty Google Calendar
Plugin Slug: pretty-google-calendar
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.6.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.6.0.
OpenHook
Plugin Slug: thesis-openhook
Installations: 2,000+
Vulnerability: Remote Code Execution (RCE)
Patched in Version: 4.3.1
Severity Score: Critical
The vulnerability has been patched, so you should update to version 4.3.1.
BuddyMeet
Plugin Slug: buddymeet
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.3.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.3.0.
Pre-Publish Checklist
Plugin Slug: pre-publish-checklist
Installations: 1,000+
Vulnerability: Broken Access Control
Patched in Version: 1.1.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.2.
Simple Posts Ticker
Plugin Slug: simple-posts-ticker
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.6
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.6.
Simple Posts Ticker
Plugin Slug: simple-posts-ticker
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.1.6
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.1.6.
User Avatar – Reloaded
Plugin Slug: user-avatar-reloaded
Installations: 800+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 1.2.2
Severity Score: Medium
The vulnerability has been patched, so you should update to version 1.2.2.
Payment gateway per Product for WooCommerce
Plugin Slug: woocommerce-product-payments
Installations: 500+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 3.2.8
Severity Score: High
The vulnerability has been patched, so you should update to version 3.2.8.
Staff / Employee Business Directory for Active Directory
Plugin Slug: ldap-ad-staff-employee-directory-search
Installations: 10+
Vulnerability: Broken Access Control
Patched in Version: 1.3
Severity Score: Low
The vulnerability has been patched, so you should update to version 1.3.
Modern Events Calendar lite
Plugin: Modern Events Calendar Lite
Plugin Slug: modern-events-calendar-lite
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 7.1.0
Severity Score: Medium
The vulnerability has been patched, so you should update to version 7.1.0.
Tiger Forms
Plugin Slug: tiger-form
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.1.0
Severity Score: High
The vulnerability has been patched, so you should update to version 2.1.0.
User Activity Log Pro
Plugin: User Activity Log Pro
Plugin Slug: user-activity-log-pro
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: 2.3.4
Severity Score: High
The vulnerability has been patched, so you should update to version 2.3.4.
User Activity Log Pro
Plugin: User Activity Log Pro
Plugin Slug: user-activity-log-pro
Vulnerability: Bypass Vulnerability
Patched in Version: 2.3.4
Severity Score: Medium
The vulnerability has been patched, so you should update to version 2.3.4.
WordPress Plugin Vulnerabilities — Unpatched
This section contains plugin vulnerabilities with no known fix. Until a patch is available, you are advised, at minimum, to deactivate the plugin immediately. If there is a high risk of active exploits or the plugin remains unpatched for weeks, you are advised to delete the plugin. You should also delete persistently unpatched plugins that the WordPress.org repository has locked and marked “Closed” so they can no longer be downloaded and installed.
Popup Builder
Plugin Slug: popup-builder
Installations: 200,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Unyson
Plugin Slug: unyson
Installations: 200,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Media Library Assistant
Plugin Slug: media-library-assistant
Installations: 70,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Timthumb Vulnerability Scanner
Plugin Slug: timthumb-vulnerability-scanner
Installations: 40,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Mang Board WP
Plugin Slug: mangboard
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Mediavine Control Panel
Plugin Slug: mediavine-control-panel
Installations: 10,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Schema App Structured Data
Plugin Slug: schema-app-structured-data-for-schemaorg
Installations: 10,000+
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Block Plugin Update
Plugin Slug: block-specific-plugin-updates
Installations: 7,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Simple File List
Plugin Slug: simple-file-list
Installations: 5,000+
Vulnerability: Arbitrary File Deletion
Patched in Version: No Fix
Severity Score: High
The vulnerability has not been patched. You should deactivate the plugin.
WP Job Portal
Plugin Slug: wp-job-portal
Installations: 3,000+
Vulnerability: SQL Injection
Patched in Version: No Fix
Severity Score: Critical
The vulnerability has not been patched. You should deactivate the plugin.
WP Adminify
Plugin Slug: adminify
Installations: 2,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Blocks
Plugin Slug: blocks
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Contact Form
Plugin Slug: contact-form-ready
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Timely Booking Button
Plugin Slug: timely-booking-button
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Tiny Carousel Horizontal Slider
Plugin Slug: tiny-carousel-horizontal-slider
Installations: 1,000+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Woocommerce ESTO
Plugin Slug: woo-esto
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
WP Hide Pages
Plugin Slug: wp-hide-pages
Installations: 1,000+
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Popup contact form
Plugin Slug: popup-contact-form
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Popup contact form
Plugin Slug: popup-contact-form
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Social Metrics
Plugin Slug: social-metrics
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
The Awesome Feed – Custom Feed
Plugin Slug: wp-facebook-feed
Installations: 900+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Onclick Show Popup
Plugin Slug: onclick-show-popup
Installations: 400+
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched. You should deactivate the plugin.
Slideshow, Image Slider by 2J
Plugin: Images Slideshow by 2J
Plugin Slug: 2j-slideshow
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Add Shortcodes Actions And Filters
Plugin: Add Shortcodes Actions And Filters
Plugin Slug: add-actions-and-filters
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Contractor Contact Form Website to Workflow Tool
Plugin: Contractor Contact Form Website to Workflow Tool
Plugin Slug: contractor-contact-form-website-to-workflow-tool
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: High
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Cooked
Plugin: Cooked
Plugin Slug: cooked
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
CopyRightPro
Plugin: CopyRightPro
Plugin Slug: copyrightpro
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Comments by Startbit
Plugin: Comments by Startbit
Plugin Slug: facebook-comment-by-vivacity
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Font Awesome Integration
Plugin: Font Awesome Integration
Plugin Slug: font-awesome-integration
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Font Awesome More Icons
Plugin: Font Awesome More Icons
Plugin Slug: font-awesome-more-icons
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Contact form Form For All
Plugin: Contact form Form For All
Plugin Slug: formforall
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Keap Landing Pages
Plugin: Keap Landing Pages
Plugin Slug: infusionsoft-landing-pages
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Backend Localization
Plugin: Backend Localization
Plugin Slug: kau-boys-backend-localization
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Kv TinyMCE Editor Add Fonts
Plugin: Kv TinyMCE Editor Add Fonts
Plugin Slug: kv-tinymce-editor-fonts
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Magic Action Box
Plugin: Magic Action Box
Plugin Slug: magic-action-box
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Remove slug from custom post type
Plugin: Remove slug from custom post type
Plugin Slug: remove-slug-from-custom-post-type
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP Responsive header image slider
Plugin: WP Responsive header image slide
Plugin Slug: responsive-header-image-slider
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Events Rich Snippets for Google
Plugin: Events Rich Snippets for Google
Plugin Slug: rich-snippets-vevents
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: High
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Shockingly Simple Favicon
Plugin: Shockingly Simple Favicon
Plugin Slug: shockingly-simple-favicon
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
TM WooCommerce Compare & Wishlist
Plugin: TM WooCommerce Compare & Wishlist
Plugin Slug: tm-woocommerce-compare-wishlist
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
Vrm 360 3D Model Viewer
Plugin: Vrm 360 3D Model Viewer
Plugin Slug: vrm360
Vulnerability: Sensitive Data Exposure
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP Captcha
Plugin: WP Captcha
Plugin Slug: wp-captcha
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP Captcha
Plugin: WP Captcha
Plugin Slug: wp-captcha
Vulnerability: Bypass Vulnerability
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP GPX Maps
Plugin: WP GPX Map
Plugin Slug: wp-gpx-maps
Vulnerability: Broken Access Control
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP Jump Menu
Plugin: WP Jump Menu
Plugin Slug: wp-jump-menu
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WP Site Protector
Plugin: WP Site Protector
Plugin Slug: wp-site-protector
Vulnerability: Cross Site Request Forgery (CSRF)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WWM Social Share On Image Hover
Plugin: WWM Social Share On Image Hover
Plugin Slug: wwm-social-share-on-image-hover
Vulnerability: Cross Site Scripting (XSS)
Patched in Version: No Fix
Severity Score: Medium
The vulnerability has not been patched and the plugin is closed. You should uninstall and delete the plugin.
WordPress Theme Vulnerabilities
In this section, you’ll find the latest WordPress theme vulnerabilities to be disclosed. You’ll see the same information we provided above for vulnerable plugins, and the same advice applies. If a security update exists, install it immediately. If a vulnerability remains unpatched in a theme you are actively using, you must find an alternative theme. Deactivate and delete persistently unpatched themes and those marked “Closed” in the WordPress.org theme repository. If you have a vulnerable theme installed that you are not actively using, delete it.
Dan Knauss is StellarWP’s Technical Content Generalist. He’s been a writer, teacher, and freelancer working in open source since the late 1990s and with WordPress since 2004.
Keep reading the article at WordPress News | iThemes Blog. The article was originally written by Dan Knauss on 2023-10-04 13:30:50.